The Chairman of the Joint Chiefs of Staff has just sent a message to the incumbent President on Election Day: “We are experiencing a massive cyberattack”. Several of the country’s critical infrastructures have been infected with malware, which has also infiltrated the country’s allies’ communications networks, even managing to gain access to files considered by NATO to be highly classified material. As if that weren’t enough, hundreds of people, spurred on by fake posts and messages spread by bots on social networks, are rioting all over the country and trying to obstruct the vehicles and boats carrying ballot papers.
The Cyber Coalition
The previous paragraph isn’t an excerpt from a Tom Clancy novel; it is the potential beginning of Cyber Coalition, the three-day exercise carried out by NATO every year to prepare its members’ responses to cyberattacks. In its latest edition, the Allied cyberdefense specialists’ mission was to defend Tytan from attacks on its elections, mitigating the interference of Stellaria. Both of these nations are, of course, fictitious, but there are certain parallels with reality.
Hybrid wars
This kind of exercise is already common among western armed forces. The increasingly hybrid nature of battlefields, where non-conventional forces have a larger presence, has given cyberwar a more relevant role. And not just in intelligence, espionage or lobbying activities: also in sabotage, the outcome of which can be just as catastrophic as an attack by conventional forces, just as we explained when we discussed the huge risks of attacks on critical infrastructures. But in the near future, even artificial intelligence will have a key role to play in unpredictable actions, which, according to the think tank Brookings Institution, could take out thousands of infrastructures, vehicles, and aircraft.
For these reasons, preparation and exercises are fundamental for prevention of state-sponsored or military cyberattacks. Private organizations can also learn a thing or two from this approach and the activities it entails, even organizations completely removed from the defense industry. Here, we take a look at what organizations can learn from military cyberdefense.
– Strategic vision
After the 9/11 terrorist attacks, the USA gathered experts from different disciplines in order to design strategies to determine future threats to the country, and to prevent possible attacks. Cyberspace was one of the key environments. Since then, the Department of Homeland Security and the White House have been regularly publishing a national cyberdefense strategy, the latest version of which was published in September 2018.
As well as this, in 2009 it created a Cyber Command, which reports directly to the Department of Defense rather than other government agencies. Allies of the US were quick to follow this example. Spain, for example, created the Joint Cyber-Defense Command in 2013.
All of these measures demonstrate the strategic importance assigned by nation states to a military cyberdefense model that goes beyond one-off actions or intervention simply from IT experts. This is where companies, especially large corporations, must also bear in mind the importance of cybersecurity for the organization, by designing a complete strategy with specific management roles such as Chief Security Officer or Chief Security Information Officer.
– Coordination and response
28 NATO member states participated in the Cyber Coalition’s exercises, along with over 700 specialists of varying ranks and disciplines. All of them had to deal with multiple cyberattacks, and then establish priorities in how they responded to them, and what actions they took. This required a huge capacity for coordination among different units.
Cyberattacks on a company can also be massive in character and affect different departments aside from the IT department, from finance to sales. This is why coordination within the organization is the key to responding to threats as quickly and appropriately as possible.
– Training
The cyberdefense exercises themselves are proof that training is the best measure to prevent threats. War games, which date back to the 19th Century Prussian school, are an example of gamification that companies can use to train their employees in cybersecurity. On the other hand, beyond simulated games, states also carry out drills with real cyberattacks to put their defenses to the test. It is on this principle that pen testing is based, which, as we explained, can be a highly valuable tool for our company.
All these elements require resources, both human and physical, in order to execute a cybersecurity strategy. Above all, these exercises bring to the fore the indispensable role of the people of a nation state or an organization in preventing and tackling cyberattacks. But military cyberdefense also demonstrates the fact that it is important to have assets and advanced technological solutions, such as Panda Adaptive Defense, which cover all possible attack vectors and constantly monitor our organization’s theater of operations, that is, the whole environment, every endpoint, and ultimately, all cyberactivity in the whole company.